On May 11th President Trump signed a Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure. In that Executive Order the President stated that, “Known but unmitigated vulnerabilities are among the highest cybersecurity risks faced by executive departments and agencies. Known vulnerabilities include using operating systems or hardware beyond the vendor’s support lifecycle, declining to implement a vendor’s security patch, or failing to execute security-specific configuration guidance.” It seems the President agrees with something TELEGRID has been recommending for years, an offline LINUX repository for secure networks.
As an embedded software developer I can go on and on about the many benefits of LINUX. I can easily list hundreds of benefits. What I believe is the greatest though is the LINUX repository.
The LINUX repository is an online archive of open source and proprietary software packages that programmers use for development or maintenance. There is a repository for every LINUX distribution with compiled packages for a multitude of hardware configurations. Software developers can create upgrades or security patches and upload them to the LINUX repository where they can be easily downloaded by users.
Unfortunately, new security risks are forcing system administrators to limit connectivity between secure networks and the internet. You can’t be hacked if a hacker can’t get in. While a closed network is ideal for security, it is a big problem for software maintenance.
Since the LINUX repository is online, the software upgrades are inaccessible on a secure network. For years defense contractors, like TELEGRID, have had to go to great lengths to deploy software upgrades on secure networks. This leads to delays in the deployment of security patches and seemingly endless upgrade cycles.
To resolve these issues we recommend replicating the LINUX repository inside secure networks with an offline LINUX repository. But how do we update the LINUX repository if it is offline? One solution is to deploy a cross domain solution that straddles the secure and unsecure networks. Another solution is compressing repository updates and sending them to a system administrator who can upload them into the offline LINUX repository.
While secure networks are important we must not forget that the main goal is functional, bug-free and secure code. An offline LINUX repository will make it easier to maintain code on secure networks and apply needed security patches. It seems the President agrees.
Beth Flippo is Vice President of Embedded Software at TELEGRID. TELEGRID has unique expertise in secure embedded systems, secure authentication, PKI, and Multi-Factor Authentication (MFA).
Disclaimer: The opinions expressed here do not represent those of TELEGRID Technologies, Inc. The Company will not be held liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use. All information is provided on an as-is basis.
Author: Beth Flippo
Beth Flippo is the VP of Embedded Software Development at TELEGRID Technologies Inc. She is an alumni of the SUNY Binghamton School of Engineering and Applied Science. She is an expert in secure embedded development for microelectronics and wireless mesh networking. Her amateur radio license call sign is W2QNB. The B-Hive Blog follows her mantra of ‘When you learn, teach’. Her expertise and passion for technology is palpable and evident in her many successful projects.